sudo apt-get install libapache2-mod-evasive libapache-mod-security
sudo mkdir /var/log/mod_evasive
sudo chown www-data:www-data /var/log/mod_evasive/
sudo nano /etc/apache2/conf.d/modevasive
<ifmodule mod_evasive20.c>
DOSHashTableSize 3097
DOSPageCount 2
DOSSiteCount 50
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 90
DOSLogDir /var/log/mod_evasive
DOSEmailNotify EMAIL@DOMAIN.com
DOSWhitelist 127.0.0.1
</ifmodule>
sudo mkdir /etc/apache2/mod_security_rules
sudo mv base_rules/* /etc/apache2/mod_security_rules
sudo chown -R root:root /etc/apache2/mod_security_rules
sudo nano /etc/apache2/conf.d/modsecurity
<ifmodule mod_security2.c>
Include mod_security_rules/*.conf
SecWriteStateLimit 100
</ifmodule>
locate libxml2.so.2
There are 2 options: /usr/lib/x86_64-linux-gnu/libxml2.so.2 or /usr/lib/i386-linux-gnu/libxml2.so.2. Next, you need to edit the /etc/apache2/mods-enabled/mod-security.load file, replacing the path where the plug-in library with /usr/lib/libxml2.so.2 is located with the path to the library on your system.
sudo a2enmod mod-evasive
sudo a2enmod mod-security
service apache2 restart
slowhttptest -c 65539 -B -g -o my_server_stats -i 110 -r 200 -s 8192 -t FAKEVERB -u DOMAIN.COM -x 10 -p 3
Sat Jun 2 16:41:37 2012:slow HTTP test status on 5th second:
initializing: 0
pending: 564
connected: 217
error: 0
closed: 0
service available: NO
tail /var/log/apache2/error.log
[Sat Jun 02 16:41:38 2012] [warn] ModSecurity: Access denied with code 400. Too many threads [101] of 100 allowed in WRITE state from xxx.xxx.xxx.xxx - Possible DoS Consumption Attack [Rejected]
Source: https://habr.com/ru/post/145215/